A video conferencing tool Zoom has become more popular, due to the home working incentive created by the Covid-19 virus.

However, a new term Zoombombing now describes when an unauthorized person joins a Zoom meeting or chat session that has mischievous or malicious intent. These intruders have posted hate speech and pornography, resulting in a warning from the FBI for the users toi be diligent and cautious. These individuals have been sharing their Zoom meeting IDs, via online forums and even recording their attacks on TikTok and YouTube. An automated tool now exists to locate Zoom rooms and meetings.

Holding private meetings with the use of the waiting room and password features help to keep control of who can enter the meeting, and when inviting people for the meeting avoid doing so via public social media posts only sending the links to specific contacts with direct messaging. Also locking the meeting once everyone has entered, plus disabling the screen sharing for non-hosts will provide safer usage of this platform. As normally make sure to keep update to date with all updates and patches.

The Citizen Lab has looked into the end to end encryption that Zoom states in its marketing material. As of writting it uses a dated encrytioned method AES-128, which leaves patterns in the input from the video allowing intercepted images to remain visible. They also observed that during test calls in North America, meeting keys where being sent via servers in Beijing. This highlighted the potential limitations in cryptography and the possibility of nation state attack attempts. However, upon checking their website they have issued an update on the 17th june 2020, and this states the default encryption is now AES 256 GCM. Plus E2EE (End To End Encryption) as an early beta July 2020.

There was also a bug that needed to be fixed which meant the attacker could takeover a Mac user's computer that was using Zoom, so making sure to apply the updates and security patches is always a good idea.

Can you really trust the sender's name and the links within the Emails you receive ?